<a href="/pkg/crypto/hmac/#New">New</a> will now panic if separate calls to

the hash generation function fail to return new values. Previously, the

behavior was undefined and invalid outputs were sometimes generated.

I/O operations on closing or closed TLS connections can now be detected using

the new <a href="/pkg/net/#ErrClosed">ErrClosed</a> error. A typical use

would be <code>errors.Is(err, net.ErrClosed)</code>. In earlier releases

the only way to reliably detect this case was to match the string returned

by the <code>Error</code> method with <code>"tls: use of closed connection"</code>.

A default deadline is set in <a href="/pkg/crypto/tls/#Conn.Close">Close</a>

before sending the close notify alert, in order to prevent blocking

<a href="/pkg/crypto/tls#Conn.HandshakeContext">(*Conn).HandshakeContext</a> was added to

allow the user to control cancellation of an in-progress TLS Handshake.

The context provided is propagated into the

<a href="/pkg/crypto/tls#ClientHelloInfo">ClientHelloInfo</a>

and <a href="/pkg/crypto/tls#CertificateRequestInfo">CertificateRequestInfo</a>

structs and accessible through the new

<a href="/pkg/crypto/tls#ClientHelloInfo.Context">(*ClientHelloInfo).Context</a>

and

<a href="/pkg/crypto/tls#CertificateRequestInfo.Context">

(*CertificateRequestInfo).Context

</a> methods respectively. Canceling the context after the handshake has finished

has no effect.

Clients now ensure that the server selects

an ALPN protocol</a> from

TLS servers will now prefer other AEAD cipher suites (such as ChaCha20Poly1305)

support, unless the application set both

<a href="/pkg/crypto/tls/#Config.PreferServerCipherSuites"><code>Config.PreferServerCipherSuites</code></a>

or there are no other AEAD cipher suites supported.

The client is assumed not to have AES hardware support if it does not signal a

preference for AES-GCM cipher suites.

<a href="/pkg/crypto/tls/#Config.Clone"><code>Config.Clone</code></a> now returns

a nil <code>*Config</code> if the source is nil, rather than panicking.

<a href="/pkg/crypto/x509/#ParseCertificate">ParseCertificate</a> and

<a href="/pkg/crypto/x509/#CreateCertificate">CreateCertificate</a> both

now enforce string encoding restrictions for the fields <code>DNSNames</code>,

<code>EmailAddresses</code>, and <code>URIs</code>. These fields can only

contain strings with characters within the ASCII range.

<a href="/pkg/crypto/x509/#CreateCertificate">CreateCertificate</a> now

verifies the generated certificate's signature using the signer's

public key. If the signature is invalid, an error is returned, instead

of a malformed certificate.

<a href="/pkg/crypto/x509/#CertificateRequest">CertificateRequest</a> type.

These fields are now parsed in <a href="/pkg/crypto/x509/#ParseCertificateRequest">ParseCertificateRequest</a>

and marshalled in <a href="/pkg/crypto/x509/#CreateCertificateRequest">CreateCertificateRequest</a>.

TODO: <a href="https://golang.org/cl/262343">https://golang.org/cl/262343</a>: add Unwrap to SystemRootsError

<a href="/pkg/encoding/asn1/#Unmarshal">Unmarshal</a> and

<a href="/pkg/encoding/asn1/#UnmarshalWithParams">UnmarshalWithParams</a>

now return an error instead of panic when the argument is not

encoding packages such as <a href="/pkg/encoding/json">encoding/json</a>.

Cookies set with <code>SameSiteDefaultMode</code> now behave according to the current

spec (no attribute is set) instead of generating a SameSite key without a value.

The <a href="/pkg/net/http/"><code>net/http</code></a> package now uses the new

<a href="/pkg/crypto/tls#Conn.HandshakeContext"><code>(*tls.Conn).HandshakeContext</code></a>

with the <a href="/pkg/net/http/#Request"><code>Request</code></a> context

when performing TLS handshakes in the client or server.